Cybercrime revenues exceeding drug trafficking?

Testimony from AT&T’s Chief Security Officer Edward Amoroso, in which he told a US Senate Commerce Committee that revenues from cybercrime – at $1 trillion annually – are now exceeding those of drug crime, have been confirmed by Finjan, the business Internet security expert.

“Our latest research suggests that, whilst the economic downturn is reducing the income of drug traffickers, cybercriminals are becoming ever more innovative in the ways they extract money from companies and individual,” said Yuval Ben Itzhak, Finjan’s Chief Technology Officer.

“In our Q1 2009 report on cybercrime, for example, we revealed that one single rogueware network are raking in $10,800 a day, or $39.42 million a year. If you extrapolate those figures across the many thousands of cybercrime operations that exist on the Internet at any given time, the results easily reach a trillion dollars,” he added.

According to Ben-Itzhak, Finjan’s Q1 2009 security trends report also revealed that traffic volume to compromised Web sites has increased significantly, so luring masses of potential buyers to rogueware offerings.

As we have reported many times in our quarterly reports, he said, cybercriminals keep on looking for improved methods to distribute their malware and rogueware.

And since they make money by trading stolen data or selling rogue software, they are always looking for new and innovative techniques all time, he explained.

“It’s against this backdrop that we can confirm AT&T CSO Amoroso’s testimony that cyber-security threats have increased significantly over the past five years, and have reached the point where they pose a significant threat to all organisations,” he said.

“We have seen a trend of unemployed IT personnel finding new and easy income by purchasing and using Crimeware Toolkits that are sold by professional hackers. We believe that this was just the beginning of a wider trend that we will experience in 2009 and 2010. Having the large number of layoffs of IT professionals all around the world, especially in the USA, we expect a rising number of people willing to “give it a try’ and to get stolen credit card numbers, online banking accounts and corporate data that they can use to generate income,” he added

“Because of this, we are urging companies to constantly review their IT security defences and the ways they monitor their IT resources against all forms of incursion and data leakages. It’s only with extreme vigilance that IT managers can reduce the risk of a serious cybercrime event causing severe fiscal damage to their firm,” he added.

UPDATE: Mike Murray pointed out a post by Richard Stiennon over at ZDNet that suggest these numbers are an exaggeration. This is why a question mark was added to the title. Comments are coming up on Twitter, connect with us here.